Merge "Adds config options for using SSL"

2016-02-17 12:30:31 +00:00 · 2016-02-17 12:30:31 +00:00 · 1cecca3478
commit 1cecca3478
parent 0afbe17cdf 06134e437a
3 changed files with 14 additions and 4 deletions
--- a/kuryr/common/config.py
+++ b/kuryr/common/config.py
@ -75,6 +75,12 @@ keystone_opts = [
    cfg.StrOpt('admin_token',
               default=os.environ.get('SERVICE_TOKEN'),
               help=_('The admin token.')),
+    cfg.StrOpt('auth_ca_cert',
+               default=os.environ.get('SERVICE_CA_CERT'),
+               help=_('The CA certification file.')),
+    cfg.BoolOpt('auth_insecure',
+                default=False,
+                help=_("Turn off verification of the certificate for ssl")),
 ]
 binding_opts = [
    cfg.StrOpt('veth_dst_prefix',
--- a/kuryr/controllers.py
+++ b/kuryr/controllers.py
@ -88,13 +88,16 @@ def get_neutron_client():
    password = keystone_conf.admin_password
    auth_token = keystone_conf.admin_token
    auth_uri = keystone_conf.auth_uri.rstrip('/')
+    ca_cert = keystone_conf.auth_ca_cert
+    insecure = keystone_conf.auth_insecure

    neutron_uri = cfg.CONF.neutron_client.neutron_uri
    if username and password:
        # Authenticate with password crentials
        neutron_client = utils.get_neutron_client(
            url=neutron_uri, username=username, tenant_name=tenant_name,
-            password=password, auth_url=auth_uri)
+            password=password, auth_url=auth_uri,
+            ca_cert=ca_cert, insecure=insecure)
    else:
        neutron_client = utils.get_neutron_client_simple(
            url=neutron_uri, auth_url=auth_uri, token=auth_token)
--- a/kuryr/utils.py
+++ b/kuryr/utils.py
@ -40,11 +40,12 @@ def get_neutron_client_simple(url, auth_url, token):


 def get_neutron_client(url, username, tenant_name, password,
-                       auth_url, timeout=30):
+                       auth_url, ca_cert, insecure, timeout=30):

    return client_v2.Client(endpoint_url=url, timeout=timeout,
-                           username=username, tenant_name=tenant_name,
-                           password=password, auth_url=auth_url)
+                            username=username, tenant_name=tenant_name,
+                            password=password, auth_url=auth_url,
+                            ca_cert=ca_cert, insecure=insecure)


 # Return all errors as JSON. From http://flask.pocoo.org/snippets/83/